The present invention generally relates to computerized data security and verification systems and methods. More particularly, the present invention relates to such systems and methods operating over a third party cloud-based storage application.
The “cloud” is a new model for distributed computing. The National Institute of Standards and Technology (NIST) defines “cloud computing” in the document titled “The NIST Definition of Cloud Computing” (NIST Special Publication 800-145, September 2011) as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that may be rapidly provisioned and released with minimal management effort or service provider interaction.”
Increasingly, electronic information previously stored on local or network-connected computing systems is moving to “cloud” storage systems. In addition to this movement of existing information to the cloud, users are creating vast amounts of new information that is placed directly into cloud storage. These cloud storage systems include information storage provided by service or storage providers such as Dropbox, Box, SugarSync, and the Microsoft Skydrive service. Other sources and providers of cloud storage exist.
Users of these services are provided authorized access to this storage after obtaining a subscription or membership offered to them by a storage provider. Alternatively, membership may be obtained in other ways. Upon obtaining a membership, a user becomes a member. Storage is then accessible to members through the internet. However, the storage available through the internet is provided on an open network that is not protected by the traditional perimeter defenses, such as corporate firewalls, SSL connections, and access authentication mechanisms, that may be used to protect local or network-connected storage systems.
These open network storage systems provide users only limited protection of the confidentiality or integrity of the information they place onto them. For example, some storage systems may provide no protections at all. Further, this information is often shared between multiple users who have all been granted membership access to the same stored information, giving rise to further security concerns.
Common methods in use today to protect access to information stored on open networks include basic authentication, which relies on a user ID and password, and methods such as OAuth as presented by the OAuth group (www.oauth.net) or OpenID as presented by the OpenID Foundation (www.openid.net). These methods may authenticate user and application identities, but they do not directly authenticate user data files.
Other methods for information protection available today may provide some limited protection for information stored on open networks. Examples of such methods currently deployed are digital timestamps, digital signatures, and file and folder access permissions. For example, digital timestamps provide a way of establishing the content of a file at a point in time. This method requires an available timestamping authority (TSA) or server to provide the digital timestamp. It has a high degree of complexity and requires sufficient timestamp infrastructure to implement.
Digital signatures may provide a record of who applied a signature to a file, but digital signatures do not provide a way of establishing a time sequence or chronology and therefore may not maintain integrity over a time interval. Additional ways of protecting information, such as setting file and folder access permissions, may prevent access to a file on an open network, but today these methods may often be circumvented, and they provide no means of ensuring data integrity or preventing replay attacks.
Using these available methods, users must place their information onto these cloud storage systems at their own risk, with no certainty that their information will not be intercepted or altered by unauthorized users. In the event that this information is accessed or altered in an unauthorized manner, the authorized users of this information may never detect that it has been improperly accessed or altered.
In some instances, encryption may be available to these users from the storage provider, through their own methods, or through other methods available to them for protecting information. This encryption may be applied to the files and other information placed into the cloud. However, the use of encryption, which makes information unreadable without the use of an electronic key, may not ensure that data has not been inappropriately accessed or altered. Electronic keys protecting encrypted information may be intercepted or, in some cases, even guessed, allowing unauthorized users to access information they are not otherwise allowed to access.
Once this unauthorized access is obtained, the information may be used inappropriately, altered, and even re-encrypted by the unauthorized user without the knowledge of the authorized users. This may lead the authorized users to rely on the altered information as if it were correct, when actually it is not.
Further, the use of encryption does not prevent an unscrupulous member who is allowed access to information stored in the cloud from disregarding any rules established for accessing this stored information. The unscrupulous user may properly access this information, but then improperly use or alter this information to harm or deceive the other authorized members using and relying on the information.
Members accessing information stored in the cloud may not all be granted the same level of access to the shared storage. Shared open network storage may be owned or managed by one or more members who are authorized to manage this information. A manager may also be referred to as a moderator. The moderator may accept, approve, or deny changes made to shared information by other members. The moderator may allow or deny other members access to shared information. Other members may be granted less or different access: for example, they may be able to read or copy information in or about the shared information storage but may not be allowed to decrypt or alter it, although they may copy and use that information in another private space that is separate from the shared access of the other members.
This type of access makes it possible for an unscrupulous user to access appropriately validated information and copy it to a private storage location that is not part of the shared member storage. The information may be considered valid for a defined period or interval of time, after which the information is no longer to be considered valid. The unscrupulous user may attempt to present the data at a later time under the pretense that it is still valid data. Users unable to determine that the information should no longer be considered valid may mistakenly accept the data as still valid when in fact it should not be. This type of misrepresentation is referred to as a “replay” attack.
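The two preceding concerns, a signature that records who signed but not where a file sits in time, and a validated copy presented again after its validity interval has elapsed, can be illustrated with a small manifest scheme. The following Python is an added example written for this page; it is not part of the patent and describes no particular product. It assumes a moderator who issues a manifest binding a file's digest to a sequence number and a validity window, and it uses an HMAC under a moderator-held key as a stand-in for a public-key digital signature, which is a simplification of this example rather than the method described here. All keys, times and file contents are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed sample values for this example only.
MODERATOR_KEY = b"constructed-moderator-key-not-for-real-use"
T0 = 1_700_000_000            # constructed issue time, seconds since the epoch
DATA_V1 = b"shared report, version 1"
DATA_V2 = b"shared report, version 2"


def _canonical(body: dict) -> bytes:
    # Deterministic serialization so issuer and verifier tag identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_manifest(key: bytes, data: bytes, seq: int, issued_at: int, valid_for: int) -> dict:
    """Moderator binds the file digest to a sequence number and a validity window.

    The sequence number supplies the chronology a bare signature lacks; the
    expiry bounds how long a copy may be presented as valid.
    """
    body = {
        "digest": hashlib.sha256(data).hexdigest(),
        "seq": seq,
        "issued_at": issued_at,
        "expires_at": issued_at + valid_for,
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_manifest(key: bytes, manifest: dict, data: bytes, now: int, last_seen_seq: int):
    """Return (accepted, reason). Checks run from cheapest to most contextual."""
    body = manifest["body"]
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False, "tag mismatch"            # manifest altered or not issued by the moderator
    if hashlib.sha256(data).hexdigest() != body["digest"]:
        return False, "content altered"         # file no longer matches what was validated
    if now > body["expires_at"]:
        return False, "validity interval elapsed"   # stale copy presented later: replay
    if body["seq"] <= last_seen_seq:
        return False, "superseded sequence"     # an older version shown after a newer one
    return True, "valid"


def run_checks() -> dict:
    """Exercise the verifier against a fresh copy and several misuse cases."""
    m1 = issue_manifest(MODERATOR_KEY, DATA_V1, seq=1, issued_at=T0, valid_for=3600)
    m2 = issue_manifest(MODERATOR_KEY, DATA_V2, seq=2, issued_at=T0 + 600, valid_for=3600)
    # A copy whose expiry was extended without the moderator's key keeps the old tag.
    forged = {"body": dict(m1["body"], expires_at=T0 + 10**6), "tag": m1["tag"]}
    return {
        "fresh": verify_manifest(MODERATOR_KEY, m1, DATA_V1, T0 + 60, 0),
        "altered": verify_manifest(MODERATOR_KEY, m1, DATA_V1 + b"x", T0 + 60, 0),
        "stale": verify_manifest(MODERATOR_KEY, m1, DATA_V1, T0 + 7200, 0),
        "superseded": verify_manifest(MODERATOR_KEY, m1, DATA_V1, T0 + 700, 2),
        "forged": verify_manifest(MODERATOR_KEY, forged, DATA_V1, T0 + 7200, 0),
        "current": verify_manifest(MODERATOR_KEY, m2, DATA_V2, T0 + 700, 1),
    }


if __name__ == "__main__":
    for name, (ok, reason) in run_checks().items():
        print(f"{name:11s} accepted={ok!s:5s} {reason}")
```

The verifier needs two inputs beyond the manifest itself: the current time and the highest sequence number it has already accepted. Without the first, an expired copy cannot be rejected; without the second, an old version can be presented after a newer one has been issued. Those two pieces of state are exactly what a bare digital signature does not carry.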
With regard to the operation of current cloud hosting or storage services, Dropbox, as provided by Dropbox, Inc., will be used as an example. Dropbox is a cloud file storage service offered to users through a membership service. A user becomes a member by joining the service. A basic membership level is provided at no cost. Additional membership levels are available and may require payment.
Upon becoming a member, a new member is able to place files into the cloud storage provided to members. Members may create folders using familiar application programs such as the Microsoft Windows Explorer file manager. Files may be created and placed into these folders. These files and folders may then be accessible to a member from any device connected to the Dropbox storage for that member.
A capability of Dropbox storage is that file and folder access may be synchronized for almost immediate access from any of a member's devices that may access Dropbox. A member may, for example, place a file into a folder within the Dropbox storage from the interface of a personal or laptop computer. That member may then access that file from a smart phone or tablet without having to perform a specific transfer operation using alternative methods, such as programs providing file transfer (FTP) or email (Microsoft Outlook), or methods that may require using physical media such as a USB or portable flash drive.
Using the Dropbox interface, a member may designate that a folder be accessible to other members for purposes such as information exchange or collaboration. Making a folder accessible to other members provides a method for sharing information with members. A folder may be shared with many members. A limitation of products such as Dropbox is that any member may share a folder with any other member in such a way that not all members may know who has access to the shared information. A member is unable to moderate access to shared information.
Sharing gives other members access to the folders selected for sharing. Sharing is initiated by a member by selecting or specifying other members who may access the files or folders identified for sharing. Sharing selections may be made using the information displayed to a member within the user interface provided by Dropbox. A member may also select that information not be shared.
A first member that shares a folder with a second member may not be aware that the second member is sharing that same folder with a third member. The first member may have intended for the information to be shared only with the second member. However, the first member may not prevent the third member from accessing the folder once the second member has shared the folder.
Information placed within the Dropbox storage may be encrypted by the Dropbox system. Files placed within Dropbox folders transfer across the open network through a secure network channel established by the Dropbox environment. This secure channel is implemented using the SSL protocol. This protocol may protect the files only as they move across the network connection between a member device and the Dropbox storage.
Protection is also provided for files while they are stored within the Dropbox storage. They are encrypted within the Dropbox storage using an encryption key maintained by Dropbox. This encryption key may be known by a member. This encryption key is also known by Dropbox, Inc.
A limitation of this protection is that a member no longer has sufficient control of their data, even though it is encrypted within Dropbox storage. A breach of a Dropbox system that allows unauthorized access to the encryption keys used to encrypt member information, or a malicious act by a Dropbox staff member who gains access to an encryption key protecting a member file, may place the information of a member at risk of unauthorized exposure.